FMLA fraud can devastate a company, but companies should protect the integrity of their investigations to protect themselves.
The Family and Medical Leave Act (FMLA) provides working families balance to their lives when their circumstances take a turn. Whether it’s caring for new life in the household—such as a newborn or a foster child—or to care for an ailing relative, the 1993 act protects employees from being terminated from their jobs when they must take an extended absence for a specific set of reasons. However, abuses of FMLA are extremely common in the American workforce. While suspicions of FMLA abuse should be taken seriously by employers, companies must conduct thorough and unbiased investigations before terminating any employees. Businesses who do not follow protocol can open themselves up to expensive litigation.
In addition to protecting employees from termination during an extended leave, FMLA also requires their various insurance coverage remain in effect. This protection can be guaranteed for up to 12 weeks. According to the Department of Labor:
FMLA is designed to help employees balance their work and family responsibilities by allowing them to take reasonable unpaid leave for certain family and medical reasons. It also seeks to accommodate the legitimate interests of employers and promote equal employment opportunity for men and women.
FMLA applies to all public agencies, all public and private elementary and secondary schools, and companies with 50 or more employees. These employers must provide an eligible employee with up to 12 weeks of unpaid leave each year for any of the following reasons:
the birth and care of the newborn child of an employee;
placement with the employee of a child for adoption or foster care;
to care for an immediate family member (spouse, child, or parent) with a serious health condition; or
medical leave when the employee is unable to work because of a serious health condition.
The use of FMLA within these guidelines (with some exceptions) is designed to protect hard-working men and women from losing their jobs when their family suddenly requires their attention. Life can change so fast, and employees can rest easy knowing their jobs will be waiting for them when they are able to return in top-performing condition.
According to Charlie Plumb, an attorney who represents clients in all phases of management, abuse of this protection should be investigated, provided the employer has an “honest suspicion.” He goes on to say, “This honest suspicion standard is really intended to protect the employer against a claim they are interfering against FMLA leave and/or being retaliatory.”
A familiar scenario is one where an employee has been granted leave under FMLA for a serious illness or injury. The employer then happens to see posts from the employee on social media having fun out with friends, exercising, or driving. The employer might think, “If they’re well enough to do these things, they must be well enough to work.” While this might sound like an open and shut case from the employer’s point of view, Allen Smith of The Society of Human Resources Management, provides an example where this philosophy proved problematic:
“Joan Casciari, an attorney with Seyfarth Shaw in Chicago, said she handled a case that involved an employee who was put on FMLA leave for depression. The employer later discovered, through surveillance, she was doing Christmas shopping with her family and having a wonderful time. But her doctor confirmed “retail therapy” was consistent with her condition and the fact she could shop did not mean she did not require FMLA leave.”
Luckily for the employer in this anecdote, they did their due diligence and consulted a medical professional who could corroborate the circumstances of her FMLA qualifications. Some employers are far hastier. When employers do not conduct comprehensive and objective investigations into suspicious FMLA claims, they can open themselves up to lawsuits that can be devastatingly expensive and a public relations nightmare.
Vigilance of adherence to the guidelines of FMLA becomes manageable when Human Resource directors keep an eye out for certain patterns of behavior, such as absence patterns, especially when they coincide with non-work events (holidays or something personal that they may have mentioned in the past). Employers should also be suspicious of absences directly contradicting any medical certification in frequency or duration.
Once an employer has a reasonable suspicion of FMLA abuse, they should most certainly investigate. However, internal investigations into these kinds of abuses can be very messy for Human Resources and upper management. The aforementioned scenario involving “retail therapy” could have been a disaster if the company had not done their due diligence. Some employers are not so diligent.
Another scenario involving a maintenance worker at a nursing home and rehabilitation center panned out much differently. The employee in question noticed his superior was exhibiting a pattern of absence he found suspicious. He began reviewing surveillance footage to compare to his own personal log of her comings and goings in order to prove she was abusing company time. After discovering the independent investigation, the superior served a series of performance adjustments to the employee before terminating him. The termination came after the employee had submitted an FMLA request. The court found the dates of his termination tied in too closely with his request for FMLA, allowing the employee to take the case to trial.
Scenarios like these are why Human Resources and management should 1) be vigilant of FMLA abuse, and 2) conduct a thorough and unbiased investigation in order to ensure the company is protected from litigation. Many companies choose to handle investigations internally in order to minimize the amount of exposure. However, internal investigations spearheaded by current members of staff, will not only disrupt daily operations, but can also have negative effects like the case of the nursing home. The employee conducting his own investigation may have had honest suspicions of his superior’s misconduct, but he was certainly not a unbiased source to investigate.
Private investigators are probative routes often overlooked when a company has an internal investigation. There are many circumstances under which companies do not want to give up control over an internal investigation, and a private investigator is the definition of a third-party. However, the objectivity of a private investigator is the number one reason why companies should consider them as an option. The personal biases of the persons involved in the previous examples caused the investigation to go south. As an independent contractor, a private investigator’s only loyalty is to the truth. They are vital to ensuring an investigation is a transparent expedition for the truth. This goes a long way towards protecting a business from subsequent lawsuits or bad press.
When handling an investigation internally, employers are limited to what surveillance they can attain from their own equipment or social media. Private investigators are licensed to track individuals and photograph their activity in public. Persons who fraudulently claim to be out for injury can be photographed doing tasks directly contradicting their FMLA claim, like yardwork or lifting heavy groceries. In addition to tracking their public movements, private investigators may also conduct undercover operations in order to investigate any frauds. They are invaluable in this regard as they are not known to those within the company. Whether you’re looking for an FMLA weekender or an FMLA moonlighter, if someone has made a fraudulent FMLA claim, a private investigator is the most-equipped professional to prove or disprove the suspicion.
It is estimated 30% of employees steal from their employer.
Most of us have dealt with a thief during our lifetime. Devious and sneaky, some thieves behave as if stealing is an art. It is usually a theft exposing them; however, many times, they can strike numerous times before getting caught. When theft happens in the workplace, it can not only be a costly lesson but the cause of a business failing.
An estimated 30% of employees steal from their workplace affecting all types of businesses. For instance, if you are running a restaurant with $1 million sales annually, at only 4% theft within the company, your company would be losing $40,000 a year!
Employee theft costs U.S. businesses over $200 billion in annual losses. Not only are companies trying to prevent the public from stealing items, inventory, assets, and ideas from a business, they must also combat thieves on the inside. Unfortunately, 75% of employee-related crimes go undetected.
Theft can take many forms, such as: stealing money, embezzlement, unauthorized use of business or customer identity, and theft of intellectual property, such as cases of patent or trademark infringement.
Combating Theft is Knowing How Employee Theft Occurs.
Cash
Employees who have access to a cash register is the most common way employees steal from companies. If unsecured, petty cash drawers or boxes, can be an easy target for thieves.
In addition, an employee can quote a higher price than the actual price of an item and keep the difference at the point of sale.
If employees have access to credit card information or checks, theft can happen as easily as sticking a few checks inside a folder, costing the owner thousands before it is detected.
Checks and Fraud
Most banks do not verify a signature on a company check making it very easy to sign and cash a check.
Credit card fraud is a number one threat to companies and consumers because most credit card holders admittedly do not check each line item on their credit card statement.
According to the U.S. Small Business Administration (SBA), companies with less than 100 employees, lose approximately $155,000 as a result of fraud each year, a much higher rate than large companies.
Payroll
Employees may often perform actions and falsify records for work they didn’t do, such as requesting reimbursement for travel and other expenses unrelated to work. Employees may also set up fake payroll accounts for workers who have been terminated or retired. Creative thievery abounds.
Time Sheets
Time theft or “Buddy Punching” is a very popular way timesheets may easily be falsified. Individuals complete this theft by having one employee punch another employee in or out for the other.
Excessive breaks, malingering, surfing the Internet, chatting with employees or taking personal phone calls are other ways time theft occurs. While some of these things may not at first be thought of as stealing, all these actions, or inactions, can affect the bottom line and be taking advantage of an employer.
Vendor Accounts
Thieving employees will set up fake vendor accounts, submit phony invoices and issue checks for the false vendor. These checks can then be signed over to themselves and deposited. In addition, a variation would be paying a vendor $500 and writing a check to themselves, expensing the entire $500 to the vendor.
Merchandise
Loss of inventory can happen in the merchandise distribution process but can also happen before merchandise is made available to the public. Many times, employees will take items from a warehouse or newly arrived items before they are scanned into inventory software. Employees have even been known to steal entire shipping trucks containing merchandise headed to their employer’s company.
Supplies
Some employees steal smaller items such as typical office supplies, but furniture and equipment are not off limits for a thief.
Information
Many employees steal information to benefit themselves or a competitor. Types of information include: office memoranda, proprietary products, customer lists and/or other confidential data. Theft can occur by email, printing, or copying information to a flash drive or cell phone, or simply carrying it out in a purse or folder.
Sometimes, theft can be subtler, such as luring customers away, purposefully providing poor service, even spreading rumors to damage a company’s reputation and cause a down-turn in business. All are considered losses.
While there are ways to combat theft within your company, ultimately identifying the thief before they are hired is the most effective way to reduce the occurence of theft.
The SBA recommends: “One of the first steps to preventing fraudulent employee behavior is to make the right hiring decision.”
Background checks are a good practice for any employer, large or small, especially for those employees who will be handling cash, high-value merchandise, or have access to sensitive customer or financial data.
For over twenty-years, Thomas Lauth of Lauth Investigations International has been working nationwide and helping educate employers on methods used to combat theft.
“The first and most effective way to address theft in the workplace, is to conduct an extensive background check,” says Lauth. “A background check can provide insight into an individual’s behavior, character, and integrity.”
Which Types of Background Checks Should You Conduct?
According to the U.S. Chamber of Commerce, upwards to 30% of business failures are caused by employee theft. Thus, conducting effective, extensive background checks helps to mitigate your risk of hiring objectionable or even dangerous employees.
Not all background checks are the same. As you build a profile of your future employee, there are several kinds of background checks you should consider. For example, a criminal background check is different than checking on an individual’s credit score or military service, these require consent. A criminal background check does not require consent; however, some states have laws restricting how you use the information collected during a criminal background check.
Private investigation firms like Lauth Investigations offer complete background checks while helping you comply with the law.
Protecting Your Legal Liability with Background Checks
Smaller businesses often forego background checks for two reasons: 1. A false sense of trust and security developed by business owners working too closely with employees. 2. Most businesses do not understand the legal liabilities associated with the failure to conduct employee screening and background checks.
Any business where employees provide a direct service and interact with customers, such as contractors or daycare providers, is liable if an employee does harm to a customer and the employee has a history of wrongdoing.
A company, big and small. may not recover from this kind of lawsuit.
Choosing the Right Company to Conduct Background Checks
Protecting the interests of your workplace and customers while reducing potential liability is of utmost importance; therefore, it is vital to select a company you can trust to conduct the background screening both efficiently and thoroughly.
While employers can do some background checking of their own, working with an experienced and reputable company can ensure the reliability and thoroughness of the background screening.
Purchasing instant public records found online is not appropriate for conducting potential employee background checks. Most certainly if your hiring decision is based on tpublic record data, your company could land in hot water.
Most public databases do not fact check, clean up or refresh their data providing completely different information than received from an investigative firm experienced in conducting professional, legal and full background screening.
Private investigators have access to databases to determine if a potential employee has a criminal background.
A reputable company providing background screening services will ensure the information you receive is current and accurate.
If a hiring decision is made based upon information found in the background check, in most cases, the company must inform the potential employee of the source used to obtain the information for the background checks (which is where using public databases can get your company in legal trouble).
What can you expect from a professional background check? According to Lauth, it’s all in the details and you pay for what you get. If you want detailed, accurate information, you will choose a Private Investigation Background Search.
Unlike a personal background search using public databases, private investigators have access to several databases providing a variety of information.
Employment history: This search will bring up employment records to include all positions held, making it easier to find discrepancies in a resume. It will also include salaries associated with the positions.
Academic and professional affiliations: Qualifications to include academic history and certification, even if the person did not complete the program.
Criminal records: Including a detailed outline of all criminal activity from traffic warnings and tickets to arrests and convictions. Also, these include jail time served and fines paid.
Financial Standing: Reflects all liens, judgments, bank accounts, current and previous property ownership, repossession of vehicles or other personal property, NSF checks and bankruptcies.
In addition to the typical information received through a personal background check, a private investigator will include:
Worker compensation claims an individual has filed. This can help determine the character of an individual by looking at the number of claims they have filed which could reveal a person is dishonest and fraudulent.
Ascertain causes of accidents or any criminal activity. DMV reports will show accident dates and basic information but do not reflect the cause. Private investigators can provide the cause behind the accident and whether criminal activity was involved.
Information on business and personal partners.
Analysis of all findings.
Relying on an Internet search is risky. A professional background screening will be more in depth than simply entering a name in a database. When a company’s future is at stake, the only way to go to obtain concise information needed to make informed decisions is a professional, private investigations extensive background check.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Penetration testing, intrusion testing and red teaming are some of the terms used for ethical hacking.
The word “hacking” almost always has negative connotations. It seems the mention of Chinese hacking, Russian hacking, or DNC hacking receives constant mention in our 24-hour news cycle.
Ethical hacking is also referred to as penetration testing, intrusion testing and red teaming, coined by the government during the 1970’s when they first hired ethical hackers to break into the United States government’s computer systems to test for vulnerabilities.
It is estimated “hackers” cost the United States more than $445 billion annually.
In a Fortune article “Data Breaches Now Cost $4 Million on Average,” according to IBM’s security division, the cost of a breach per incident has risen to $4 million, up 29% since 2013. “We’re now in a mode where these attacks are going to happen even to people that are well prepared,” said Caleb Barlow, a vice president at IBM Security.
Hackers cost the US government and corporations billions annually.
According to Fortune, hackers and cybercriminals cause most breaches, and more than half of data exposures are caused by malicious attacks; the rest are caused by mistakes or glitches.
Ethical hacking is a growing profession utilized by the United States government, technology companies and other institutions.
In the field, experts refer to three major types of hackers:
White Hats: Security professionals or “ethical hackers” who use their expertise to strengthen a network and secure it from criminals.
Black Hats: Malicious hackers or “crackers” who use their skills for malevolent purposes. White hats work to protect computer structures from the Black Hats.
Gray Hats:Iindividuals who become white or black hats depending upon the circumstances and generally proclaim being an ethical hacker.
Many large corporations, such as IBM, employ teams of ethical hackers to keep their IT systems secure.
Why Ethical Hacking is Important
With every breach reported in the media, the need for more effective information security is becoming increasingly evident.
New technologies such as cloud computing, IT outsourcing, and enterprises must adjust their security practices and policies to combat the threat of malicious hacking. To combat threats, ethical hacking is rapidly gaining attention as an essential security practice to be performed on a regular basis.
“The increased sophistication and success rate for recent cyber-attacks is directly related to the shift in the attacker profile, indicating that nation-states and large criminal organizations are funding well organized, highly motivated, and well-trained teams of programmers,” said Chris Rodriguez, Analyst for Frost and Sullivan. “The elevated threat landscape therefor, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security posture,” said Rodriguez.
Ethical hacking provides objective analysis of an organization’s security stance for organizations of any size. Ethical hacking has become a mainstream service, as companies of all sizes pursue expert, objective, third -party analysis.
What is an Ethical Hacker?
Ethical hacking is an ambiguous term used to describe hacking performed by an individual or organization to help penetrate or gain access to identifying potential threats on a computer or a network infrastructure. In short, ethical hackers are simply computer programmers who use their skills in a constructive manner.
Ethical hackers can attempt to bypass security systems to isolate weak points malicious hackers could exploit. In the effort to eliminate or reduce potential criminal hacks, the information gained by the ethical hacker is then used by the company to make improvements to security.
Some may say there is no such thing as an “ethical” hacker. Simply “hacking is hacking” but the most notable hackers are known publicly as cybercriminals or computer criminals because of the damage they inflict on companies and individuals nationwide.
A highly publicized hacking incident where personal information is compromised can damage a company or organization for years.
A cybersecurity professional can have a range of expertise, anywhere from maintenance, administration, architecture, forensic investigation of secure networked systems that are increasingly necessary for the sake of operation of businesses, nonprofits, governments and medical, and educational institutions.
Even training is offered by the International Council for E-Commerce Consultants (EC-Council). The Certified Ethical Hacker (CEH) exam is made up of approximately 125 multiple choice questions and costs about $500 with additional IT certifications available. Training is entirely voluntary.
Ethics
For hacking to be ethical, a hacker must abide by the following informal rules:
Permission to access the network to identify potential security threats.
Respect individual’s right to privacy.
Treat all data, material, and findings as confidential.
Ethics play a vital role in hacking and differentiating innocent activities from computer crimes. Hacking is ethical if the skills are used to enhance a network system. But the issue of ethics can be very risky when one does not know a person’s motivations. With no formal code of ethics or code of honor, this void creates external forces to determine how to respond when ethical predicaments arise.
An ethical hacker will ensure the client’s IT system is properly evaluated for security issues and vulnerabilities, while protecting sensitive, personal and confidential or proprietary information. While accessing an organization’s system, the respected ethical hacker’s integrity will guide the actions of the ethical hacker.
Security Risks
While ethical hacking presents advantages to increase security to protect IT systems and assets, any organization implementing ethical hacking must consider any negative impacts that may arise from the practice.
An ethical hacker is typically contracted to hack the organization’s system. Hiring outside is usually preferred to start from scratch and simulate potential external hacks.
While there is an advantage of ethical hacking because it supports the organization’s efforts to gain more knowledge about the IT Security by identifying vulnerabilities, the main disadvantage is it presents risks of information disclosure. An outsider could intentionally or unintentionally disclose a company’s proprietary information to outside parties.
A dark side always is present where dishonest people will attempt to exploit others. Some risks of working with ethical hackers include:
The ethical hacker using their skills to conduct malicious hacking activities.
Massive security breaches.
Potential the ethical hacker will place malicious code, malware, viruses or other potentially damaging things on a computer system.
Allowing company’s financial, banking, or other proprietary information will be accessed.
Working with an Ethical Hacker
The benefits of working with an ethical hacker are obvious; however, many are overlooked, ranging from simply preventing malicious hacking to preventing national security breaches.
Before implementing any ethical hacking, an organization must ensure the ethical hacker understands the nature of the client’s business, computer or network system. This will help guide the ethical hacker in handling any sensitive confidential or proprietary information they may encounter.
The leadership in a company or organization must determine the sensitivity or confidentiality of the information involved. This will help ensure the ethical hacker does not violate laws, rules or regulations in handling sensitive personal, financial or proprietary information.
There are several guidelines to use when working with an ethical hacker:
An ethical hacker should create a plan including: identifying all networks and components they will test; detail testing intervals; detail testing process.
Require transparency while working with an ethical hacker, requiring all relevant information be reported while the system or network is being accessed. Transparency ensures the client to make immediate decisions and take necessary actions to maintain the security of the system or network.
Establish target areas with written work agreements requiring the ethical hacker not to work beyond those parameters to minimize exposure of sensitive information. The ethical hacker should not access other areas on the computer or networks not specified in the agreement.
Developing a non-disclosure agreement may be in order prior to contracting with an ethical hacker.
Legal Risks
There are legal risks to include lawsuits involving disclosure of personal and confidential information possibly leading to a legal battle involving the organization and the hacker if the work is not done properly. Also, if the hacker makes errors compromising the IT network or company security, it is possible to negatively impact the organization’s general operations and profitability.
With cyberspace growing exponentially over the last decade, complex legal issues have led to the birth of a highly specialized branch of law. Cyber Law or Internet Law pertains to Internet and computer technology related offenses, especially copyright infringement and fraud that involve computers, software, hardware, and information systems (IS).
The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime, including hacking as provided under sections 43 and 66 which covers negligence and computer-related offenses.
Cyber Law prevents or reduces large-scale damage from cybercriminal activities by protecting information access, communications, privacy and intellectual property.
Ethical hacking is rapidly gaining attention as an essential business practice. Regardless of risks, companies large and small benefit from the work of ethical hackers by protecting a company’s most valuable data and protecting their bottom line.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
When we think of a spy, given the national news cycle, it may conjure up thoughts of Russians or the Chinese who have been long known for hacking and espionage. However, even more common, but much less talked about, is the business mole, and almost every business in America is susceptible.
Every business sector is vulnerable to Corporate Espionage costing businesses billions of dollars per year.
April 10, 2011, Joseph Muto was hired to work for the top-rated “O’Reilly Factor” but within 3 days, he was discovered by Fox employees to be anonymously writing for Gawker. In the span of 72 hours, Muto wrote a series of articles detailing the internal workings of the network, along with stealing and selling raw video clips. In 2013, he pled guilty to two misdemeanor charges and was dubbed the “Fox Mole.” He was fined $1000 and sentenced to over 200 hours community service. At sentencing, he said he wished he had never betrayed his former employer.
United States industries spend more on research and development of unique products and processes than any other country in the world. The key to success is having an “edge” in the business world. Whether a media company, software developing company or bakery, keeping an edge is key.
When someone steals those “trade secrets”, it is called economic espionage and costs American businesses billions annually. Damages can severely destabilize the victim company to include lost revenue, lost employment, lost investments, interruption in production, damaged reputation, and can even result in a company going out of business.
Corporate espionage conducted by spies or moles believe computers are irrelevant. It is about what data they want, what form they take, and how they can steal it.
The Company Man
The Federal Bureau of Investigation (FBI) states no business, large or small, is immune to the threat of moles and/or spies. Any proprietary process, product, or idea can be a target.
To raise awareness, the FBI in collaboration with the National Counterintelligence and Security Center has launched a nationwide campaign and released a short film called “The Company Man: Protecting America’s Secrets,” based on a true story. Mr. Moore is both unappreciated and unhappy with his career as an engineer at a glass insulation and fire-retardant firm. He is targeted on LinkedIn by a competitor who offers him a position in a rival firm. At first, Moore declines because he signed a non-compete. He is then offered $200,000 to obtain plans for equipment and formula for the glass insulation produced at his firm, RIS.
The FBI states many things drive a person to betray the company where they work.
Moore makes the decision to go to his current boss who then contacts the FBI who initiates a sting. A true story, there was an arrest in the case. However, this may not be the decision every employee would make – which makes every employee a liability in a 400 billion, in the dark. underbelly of America’s global economy.
Spotting Insider Threats
What drives a mole? The FBI states company moles are often “overwhelmed by life-crisis or career disappointment” driving them to leak information.
With email, cell phones, and jump drives, stealing information is far easier than in the past. Greed and financial need, unhappiness at work, the promise of a better job, drug or alcohol abuse, and/or vulnerability to blackmail, can all be contributors, says the FBI.
The FBI says employees who leak trade secrets, such as plans, customer databases, etc. will exhibit behaviors other employees can often identify to help prevent breaches.
Your employees may be the first line of protection when combatting the insider threat.
Potential Indicators:
Drastic changes in behavior, demeanor, or work habits.
Unexplained affluence.
Financial hardship.
Substance abuse.
Attempts to circumvent security procedures.
Long hours at the office without authorization.
Taking home proprietary information.
Unnecessarily copying materials.
Using an unauthorized USB drive.
Unusual use of cell phone during business hours.
Asking inappropriate questions.
Suspicious relationships with competitors.
Leaving traps to detect searches of their office.
Based on FBI’s studies, additionally, there are more subtle things to look for:
Someone hired to steal company information will be experienced in the operation of a business and will be able to identify the value of your company’s trade secrets.
Corporate spies are everyone’s friend. To gain access to a company in order to steal information, a mole will be socially adept with the ability to manipulate people to gain their trust.
Individuals who are frequently wandering or talking in locations they do not need to be to complete their job. Someone who reflects a pattern will always have a reasonable excuse as to why they are not in the correct area or talking to specific employees.
Employees who keep trying to re-open decisions already settled and question advisability of decisions.
They act envious.
Vulnerabilities – Getting Access
Once inside, a mole has a lot of ways to access sensitive information. Spies can even work in pairs, possibly one as a consultant and the other an employee. When you have valuable information, never underestimate the methods others will use to gain access to it.
Spying can be as easy as photocopying papers found on unattended desks or at printers. Walking into an empty meeting room with a laptop and pulling data off the network.
A common ploy is pretending to be an employee. Another ploy often used, posing as IT personnel because it enables the individual to look legitimate while accessing network access points and sitting at someone’s computer. In other cases, spies have posed as cleaning staff, gaining access after-hours.
Criminals capitalize on the common assumption if you are in the building, you must be okay. Investing in your company’s staff to raise awareness is the best investment a company can make.
According to InfoWorld, Peter Wood, Chief of Operations at First Base Technologies, a U.K. based consultant firm performing ethical hacking services, “Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but the most common motive for physical intrusion is industrial espionage.”
Wood says the most common way to intrude upon a company is posing as an employee or a visitor, even creating convincing costumes to pose as a legitimate visitor such as telephone, electrical or maintenance person, a burglar alarm inspector, even someone from the fire department.
Protecting Your Trade Secrets
The FBI lists several ways to protect your workplace from insider threats.
Recognize the threat.
Identify and value trade secrets.
Implement a definable plan for safeguarding trade secrets.
Secure physical trade secrets and limit access to trade secrets.
Provide ongoing security training to employees.
Use protective tools such as screensavers with password controls.
Classify information and store accordingly.
Secure the workplace so visitors do not have access without security screening.
Encrypt data and require strong passwords for employees with liberal access rights.
Develop an insider threat program.
Proactively report suspicious incidents to the FBI before your proprietary information is irreversibly compromised.
Ask the FBI or other security professionals for additional awareness training.
At times, companies are hesitant to report such activity for fear they will risk their trade secrets being disclosed in court or compromised in any way. The FBI will do all it can to minimize business disruption, safeguard data and privacy, and will seek protective orders to preserve business confidentiality and sensitive information. The Department of Justice also has a variety of protections in place to ensure information is protected during a criminal prosecution.
By: Kym Pasqualini, Feature Writer for Lauth Investigations
Scandals can arise anywhere, especially in the workplace, and schools are especially vulnerable. Allegations of sexual misconduct, assault and other accusations violating workplace compliance and law, have severe civil and criminal liability.
We have all heard about sports-related and college scandals, and the newly and highly publicized accusations against Harvey Weinstein that seemingly were permitted to go on for years without anyone acting. These situations can create not only a media frenzy, social media ubiquity and significant liability within a company. How complaints are handled can affect an institution’s reputation for years.
Institutional leadership has a moral, ethical and legal obligation to protect students and employees.
Most importantly, it is the responsibility of an institution to protect their students and employees, and the leadership has a legal, moral and ethical obligation to do so.
An institution’s investigative process, in response to sexual assault or misconduct, needs to be geared toward determining what happened without having preconceived notions of the outcome. The process should be consistently applied, clearly documented, and show the steps followed in achieving the conclusion.
Maintaining a record of this process and the findings is critical to minimizing risk should there be a consequent lawsuit or investigation by an outside entity.
Title IX
President Richard M. Nixon signed Title IX Educational Amendments of 1972 as a comprehensive federal law prohibiting discrimination on the basis of sex in any federally funded education program or activity. In addition, protecting employees and students from sexual misconduct.
Sexual assault and misconduct investigations not meeting legal standards are increasingly resulting in very costly claims. Ensuring Title IX compliance is the best way to minimize risk.
In a 2011, “Dear Colleague” letter (DCL) was issued by the U.S. Department of Education’s Office for Civil Rights (OCR). According to the letter, investigations must be:
Prompt – The DCL defines the meaning of “prompt” as conducting an investigation within 60 days, acknowledging more complex cases may require more time.
Thorough – OCR mandates a case must be “thorough” and the investigation must be conducted in good faith. The employer must have legal grounds to believe the employee participated in misconduct before any disciplinary action is taken.
Courts expect a thorough and adequate investigation in all sexual assault and misconduct cases.
Courts do not focus on whether the employer made the right conclusion but instead, examine the determining process used to ensure the investigation was adequately thorough. For example, analyzing the type and number of interviews conducted, confidentially of the interviews, were they handwritten or recorded and how. The court also notes if the investigator asked non-leading, open-ended questions; encouraged witnesses to clarify or correct testimony; or challenged information provided by witnesses.
Small mistakes may not damage an investigation; however, a case could be considered inadequate simply on the pretense an individual lacked prior experience investigating sexual harassment cases or failed to adequately explore the allegations.
Impartial – It is necessary to remain impartial. For example, the person who made the complaint should not be a supervisor over the individual investigating the complaint. A qualified investigator should always be used to investigate sexual assault and harassment complaints, one who can remain objective and has no stake in the outcome of the case.
There are two recommended models of investigation to be conducted by a trained investigator understanding of the evidence needed to sustain or disprove allegations.
What Are The Numbers?
The Chronicle of Higher Education (CHE) tracks federal investigations of colleges for potential violations of the gender-equity law Title IX involving alleged sexual violence. According to CHE, as of January 10, 2018, there were 337 sexual violence cases under investigation at 243 postsecondary institutions.
A campus investigation differs from a police investigation; however, both can occur at the same time. It just depends on where the victim reports the assault. A victim may feel more comfortable going to campus police than law enforcement for fear they may be doubted or blamed, especially in cases of rape by an acquaintance. Though advocates fear victims being discouraged from coming forward, in several states, lawmakers are now proposing colleges be required to notify law enforcement.
Pre-Investigation
In this model, the investigator meets individually with both parties and witnesses prior to any hearing and provides the information to a panel or hearing official. The goal is to maximize the information obtained during the interview process by questioning parties and witnesses privately to minimize stress for the participants, while also protecting testimony.
Prior-Hearing Investigative Process
The other common model, the investigation is part of the hearing process where an official panel or hearing official questions witnesses, hears testimony, reviews documents and evidence, and makes a conclusion.
While this model may work well for some institutions, it tends to be viewed as adversarial and may affect the overall reliability of the case.
According to United Education’s EduRisk program, while it is the institution’s responsibility to investigate alleged sexual assaults or harassment, and decide if discipline is warranted, this model can inappropriately burden the parties to present their cases by identifying witnesses and evidence for school officials to consider. In addition, most school officials are not trained investigators or private detectives with experience working with such sensitive circumstances.
Proper Documentation
The institution has the responsibility to properly document its investigation of any sexual misconduct allegation to provide a reliable record of all evidence the findings are based. This is especially critical when an allegation may appear meritless on the surface.
Though courts do not favor one method of documenting interviews, ideally, in addition to a final report, an investigator should provide a summarization of evidence, assessment of credibility of witnesses interviewed, and contain only factual conclusions.
Policies and Procedures
Given the importance of sexual assault and other misconduct allegations, it is necessary to have the appropriate policy and procedures to demonstrate the institution’s commitment to the safety of its employees and students, help prevent avoidable crises and support an efficient and effective response.
It is vital to understand when an investigation is warranted, and the purpose of the investigations, to include planning and organizing.
Every institution or company should have policies in place specifically addressing suspected misconduct to help respond reasonably with guidance as to how staff should respond and recommended to utilize experts to help identify vulnerabilities that may exist in an institutions current policies and procedure.
What a Federal Investigation Entails
To most onlookers, the federal investigation process of an institution is opaque. The OCR informs a college it is under investigation and informs whether it is based upon a compliance review or complaint. When it is a complaint, typically, the complainant’s information is not made available.
Federal officials require a great deal of information, such as policies, training material, investigative reports, interviews, incident reports, hearing documents. They will visit the campus to meet with both students and employees as well.
Some OCR investigations can conclude quietly, with an “administrative closure,” “early complaint resolution,” or “insufficient evidence.” Other investigations can result is a letter of findings, not seen until the conclusion, along with a “negotiated resolution agreement” that details policies and procedures a college must change or adopt. To comply, these often require implementing or expanding training programs for faculty, students, and staff, along with modifying policy and procedure.
Investigations are getting tougher. The OCR will likely monitor the college’s progress for years to come.
The best way to avoid investigative, policy and procedure pitfalls is to respond appropriately the first time using a professional investigative agency or experienced private investigator.
Fair and Independent Investigations
Lauth Investigations Sexual Harassment Division is headed by founder Thomas Lauth who has extensive experience investigating sexual misconduct.
One thing has become abundantly clear, after watching the numerous news stories covering sexual assault and harassment, is remaining mindful of the sensitivities involved in such an investigation, making it necessary to address each client’s needs. In addition, a rapid response, both thorough and professional, is necessary so as not to cause more harm.
Sexual assault and other misconduct has serious psychological consequences on the victim. Lauth Investigations professionally conducts sensitive internal investigations related to sexual assault and misconduct with utmost integrity. Our private investigators take great care to develop facts, determine credibility, and reach findings with objectivity and independence, while also exercising discretion and sensitivity.
During an investigation, Lauth Investigations expert private investigators will interview the complainant and witnesses, examine relevant documents, obtain written statements, medical records, email and other communication. At conclusion, a confidential report is delivered to include finding and recommendations that adhere to court and panel oversight.
Title IX investigations differ from a law enforcement investigation, and critical in the initial phase to ensure evidence is preserved, whether it be physical evidence, video surveillance or other important aspects of a proper investigation. Lauth investigators will ensure the investigation is treated with utmost integrity so as not to compromise the investigation.
Our experts can also evaluate and provide recommendations of current policies and procedures to help strengthen the response to sexual assault and misconduct.
Some may say there is no such thing as an “ethical” hacker. Simply “hacking is hacking” but the most notable hackers are known publicly as cybercriminals or computer criminals because of the damage they inflict on companies and individuals nationwide.
The institution has the responsibility to properly document its investigation of any sexual misconduct allegation to provide a reliable record of all evidence the findings are based. This is especially critical when an allegation may appear meritless on the surface.
Thomas Lauth